
(-)prefix-portage-2.2.00.14200//pym/portage/__init__.py.msb (-4 / +53 lines)
Lines 100-106 Link Here
100
	from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \
100
	from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \
101
		USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \
101
		USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \
102
		PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \
102
		PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \
103
		EBUILD_SH_BINARY, SANDBOX_BINARY, BASH_BINARY, \
103
		EBUILD_SH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, MACOSSANDBOX_PROFILE, BASH_BINARY, \
104
		MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
104
		MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
105
		DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
105
		DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
106
		INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
106
		INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
Lines 2188-2193 Link Here
2188
			if bsd_chflags:
2188
			if bsd_chflags:
2189
				self.features.add('chflags')
2189
				self.features.add('chflags')
2190
2190
2191
			if not portage.process.macossandbox_capable and \
2192
				("macossandbox" in self.features or "macosusersandbox" in self.features):
2193
				if self.profile_path is not None and \
2194
					os.path.realpath(self.profile_path) == \
2195
					os.path.realpath(PROFILE_PATH):
2196
					""" Don't show this warning when running repoman and the
2197
					sandbox feature came from a profile that doesn't belong to
2198
					the user."""
2199
					writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
2200
						" binary. Disabling...\n\n"), noiselevel=-1)
2201
				if "macossandbox" in self.features:
2202
					self.features.remove("macossandbox")
2203
				if "macosusersandbox" in self.features:
2204
					self.features.remove("macosusersandbox")
2205
2191
			self["FEATURES"] = " ".join(sorted(self.features))
2206
			self["FEATURES"] = " ".join(sorted(self.features))
2192
			self.backup_changes("FEATURES")
2207
			self.backup_changes("FEATURES")
2193
			global _glep_55_enabled, _validate_cache_for_unsupported_eapis
2208
			global _glep_55_enabled, _validate_cache_for_unsupported_eapis
Lines 3883-3895 Link Here
3883
	# fake ownership/permissions will have to be converted to real
3898
	# fake ownership/permissions will have to be converted to real
3884
	# permissions in the merge phase.
3899
	# permissions in the merge phase.
3885
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
3900
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
3901
	macossandbox = ("macossandbox" in features or \
3902
		"macosusersandbox" in features)
3886
	if droppriv and not uid and portage_gid and portage_uid:
3903
	if droppriv and not uid and portage_gid and portage_uid:
3887
		keywords.update({"uid":portage_uid,"gid":portage_gid,
3904
		keywords.update({"uid":portage_uid,"gid":portage_gid,
3888
			"groups":userpriv_groups,"umask":002})
3905
			"groups":userpriv_groups,"umask":002})
3889
	if not free:
3906
	if not free:
3890
		free=((droppriv and "usersandbox" not in features) or \
3907
		free=((droppriv and "usersandbox" not in features and
3908
			"macosusersandbox" not in features) or \
3891
			(not droppriv and "sandbox" not in features and \
3909
			(not droppriv and "sandbox" not in features and \
3892
			"usersandbox" not in features and not fakeroot))
3910
			"usersandbox" not in features and not fakeroot and \
3911
			not macossandbox))
3912
3913
	# confining the process to a prefix sandbox is disabled by default, if
3914
	# a normal sandbox is requested a this point, it will be used, if no
3915
	# sandbox is requested, a prefix sandbox will be imposed if requested
3916
	# by the appropriate features
3917
	prefixsandbox = False
3918
	if free:
3919
		prefixsandbox = "macosprefixsandbox" in features
3920
		free = not prefixsandbox
3893
3921
3894
	if free or "SANDBOX_ACTIVE" in os.environ:
3922
	if free or "SANDBOX_ACTIVE" in os.environ:
3895
		keywords["opt_name"] += " bash"
3923
		keywords["opt_name"] += " bash"
Lines 3898-3903 Link Here
3898
		keywords["opt_name"] += " fakeroot"
3926
		keywords["opt_name"] += " fakeroot"
3899
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
3927
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
3900
		spawn_func = portage.process.spawn_fakeroot
3928
		spawn_func = portage.process.spawn_fakeroot
3929
	elif macossandbox:
3930
		keywords["opt_name"] += " macossandbox"
3931
		if prefixsandbox:
3932
			sbprefixpath = mysettings["EPREFIX"]
3933
		else:
3934
			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
3935
3936
		# escape some characters with special meaning in re's
3937
		sbprefixre = sbprefixpath.replace("+", "\+")
3938
		sbprefixre = sbprefixre.replace("*", "\*")
3939
		sbprefixre = sbprefixre.replace("[", "\[")
3940
		sbprefixre = sbprefixre.replace("[", "\[")
3941
3942
		sbprofile = MACOSSANDBOX_PROFILE
3943
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
3944
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
3945
3946
		keywords["profile"] = sbprofile
3947
		spawn_func = portage.process.spawn_macossandbox
3901
	else:
3948
	else:
3902
		keywords["opt_name"] += " sandbox"
3949
		keywords["opt_name"] += " sandbox"
3903
		spawn_func = portage.process.spawn_sandbox
3950
		spawn_func = portage.process.spawn_sandbox
Lines 6996-7008 Link Here
6996
		restrict = mysettings["PORTAGE_RESTRICT"].split()
7043
		restrict = mysettings["PORTAGE_RESTRICT"].split()
6997
		nosandbox = (("userpriv" in features) and \
7044
		nosandbox = (("userpriv" in features) and \
6998
			("usersandbox" not in features) and \
7045
			("usersandbox" not in features) and \
7046
			("macosusersandbox" not in features) and \
6999
			"userpriv" not in restrict and \
7047
			"userpriv" not in restrict and \
7000
			"nouserpriv" not in restrict)
7048
			"nouserpriv" not in restrict)
7001
		if nosandbox and ("userpriv" not in features or \
7049
		if nosandbox and ("userpriv" not in features or \
7002
			"userpriv" in restrict or \
7050
			"userpriv" in restrict or \
7003
			"nouserpriv" in restrict):
7051
			"nouserpriv" in restrict):
7004
			nosandbox = ("sandbox" not in features and \
7052
			nosandbox = ("sandbox" not in features and \
7005
				"usersandbox" not in features)
7053
				"usersandbox" not in features and \
7054
				"macosusersandbox" not in features)
7006
7055
7007
		sesandbox = mysettings.selinux_enabled() and \
7056
		sesandbox = mysettings.selinux_enabled() and \
7008
			"sesandbox" in mysettings.features
7057
			"sesandbox" in mysettings.features
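Review bot: The regex escaping of `sbprefixpath` in the `elif macossandbox:` branch is incomplete and partly self-defeating: the fourth `replace("[", "\[")` repeats the third (most likely `]` was intended), and running it a second time turns `\[` into `\\[`, which leaves the bracket unescaped again. `.`, `(`, `)`, `?`, `|`, `{`, `^`, `$` and the backslash itself are never escaped, so an `EPREFIX` or `PORTAGE_BUILDDIR` containing any of them produces a `@@WRITEABLE_PREFIX_RE@@` pattern that matches more paths than the intended directory, or a profile that does not parse; a `"` in the path is likewise unescaped where it lands inside the `#"…"` literal. Escape the backslash first and then every metacharacter in one pass, e.g. `sbprefixre = sbprefixpath` followed by `for c in "\\.^$*+?()[]{}|": sbprefixre = sbprefixre.replace(c, "\\" + c)`, and refuse paths that contain `"`. Separately, `macosprefixsandbox` on its own sets `free = False` without making `macossandbox` true, so it appears to fall through to the `else:` branch and `spawn_sandbox`; the enclosing function starts and ends outside the visible hunks, so confirm this against the full body.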
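--- a/prefix-portage-2.2.00.14200//pym/portage/const.py.msb
+++ b/prefix-portage-2.2.00.14200//pym/portage/const.py.msb
@@ -78,6 +78,31 @@
 BASH_BINARY              = PORTAGE_BASH
 MOVE_BINARY              = PORTAGE_MV
 PRELINK_BINARY           = EPREFIX + "/usr/sbin/prelink"
+MACOSSANDBOX_BINARY     = "/usr/bin/sandbox-exec"
+MACOSSANDBOX_PROFILE    = '''(version 1)
+
+(allow default)
+
+(deny file-write*)
+
+(allow file-read* file-write*
+  (literal
+    #"@@WRITEABLE_PREFIX@@"
+  )
+
+  (regex
+    #"^@@WRITEABLE_PREFIX_RE@@/"
+    #"^(/private)?/var/tmp"
+    #"^(/private)?/tmp"
+  )
+)
+
+(allow file-read-data file-write-data
+  (regex
+    #"^/dev/null$"
+    #"^(/private)?/var/run/syslog$"
+  )
+)'''
 
 INVALID_ENV_FILE         = "/etc/spork/is/not/valid/profile.env"
 REPO_NAME_FILE           = "repo_name"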
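Review bot: The two temp-directory patterns in `MACOSSANDBOX_PROFILE`, `#"^(/private)?/var/tmp"` and `#"^(/private)?/tmp"`, have no trailing separator, so they also match sibling paths such as `/tmpfoo` or `/var/tmp-old`, unlike the `@@WRITEABLE_PREFIX_RE@@/` entry, which ends in `/`. Ending them with `(/|$)`, as in `#"^(/private)?/tmp(/|$)"`, would limit the write allowance to the directories themselves, assuming the sandbox regex dialect accepts that alternation the way it accepts `(/private)?`. The profile starts from `(allow default)` and only denies `file-write*`, so it confines file writes and nothing else, and the whole of the shared `/tmp` and `/var/tmp` stays writable. A comment above the constant stating that scope, e.g. `# Confines file writes only; everything else is permitted by (allow default).`, would keep readers from assuming a stronger boundary than the profile provides.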
(-)prefix-portage-2.2.00.14200//pym/portage/process.py.msb (-1 / +17 lines)
Lines 17-23 Link Here
17
	'portage.util:dump_traceback',
17
	'portage.util:dump_traceback',
18
)
18
)
19
19
20
from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
20
from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
21
from portage.exception import CommandNotFound
21
from portage.exception import CommandNotFound
22
22
23
try:
23
try:
Lines 40-45 Link Here
40
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
40
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
41
                    os.access(FAKEROOT_BINARY, os.X_OK))
41
                    os.access(FAKEROOT_BINARY, os.X_OK))
42
42
43
macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
44
                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
45
43
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
46
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
44
	"""
47
	"""
45
	Spawns a bash shell running a specific commands
48
	Spawns a bash shell running a specific commands
Lines 89-94 Link Here
89
	args.append(mycommand)
92
	args.append(mycommand)
90
	return spawn(args, opt_name=opt_name, **keywords)
93
	return spawn(args, opt_name=opt_name, **keywords)
91
94
95
def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
96
	if not macossandbox_capable:
97
		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
98
	args=[MACOSSANDBOX_BINARY]
99
	if not opt_name:
100
		opt_name = os.path.basename(mycommand.split()[0])
101
	args.append("-p")
102
	args.append(profile)
103
	args.append(BASH_BINARY)
104
	args.append("-c")
105
	args.append(mycommand)
106
	return spawn(args, opt_name=opt_name, **keywords)
107
92
_exithandlers = []
108
_exithandlers = []
93
def atexit_register(func, *args, **kargs):
109
def atexit_register(func, *args, **kargs):
94
	"""Wrapper around atexit.register that is needed in order to track
110
	"""Wrapper around atexit.register that is needed in order to track
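Review bot: `spawn_macossandbox` fails open: when `macossandbox_capable` is false it returns `spawn_bash(...)` without any message, so a command the caller asked to confine runs unconfined. The config change in `__init__.py` strips `macossandbox` and `macosusersandbox` when the binary is unusable but not `macosprefixsandbox`, so this fallback may still be reachable; at minimum it should emit a warning, and this may mirror the existing sandbox wrapper, which is not visible here. `profile` defaults to `None` and is appended to `args` unconditionally, so a caller that omits it passes `None` to `spawn` as the `-p` argument; a guard such as `if not profile: raise ValueError("spawn_macossandbox requires a profile")` before `args` is built would make the requirement explicit. The function also lacks a docstring, unlike `spawn_bash`; it should state that `profile` is the full profile text handed to `sandbox-exec -p` and that `mycommand` is run through `BASH_BINARY -c`.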
